feat(root): add new audit key baseCoin method

Ticket: WP-4242

TICKET: WP-4242

Author: mohammadalfaiyazbitgo

modules/abstract-cosmos/src/cosmosCoin.ts

@@ -1,4 +1,6 @@
 import {
+  AuditDecryptedKeyParams,
+  AuditKeyResponse,
   BaseCoin,
   BaseTransaction,
   BitGoBase,
@@ -43,6 +45,7 @@ import {
 } from './lib';
 import { ROOT_PATH } from './lib/constants';
 import utils from './lib/utils';
+import { auditEcdsaPrivateKey } from '@bitgo/sdk-lib-mpc';
 
 /**
  * Cosmos accounts support memo Id based addresses
@@ -665,4 +668,23 @@ export class CosmosCoin<CustomMessage = never> extends BaseCoin {
   getKeyPair(publicKey: string): CosmosKeyPair {
     throw new Error('Method not implemented');
   }
+
+  /** @inheritDoc **/
+  auditDecryptedKey({ multiSigType, publicKey, prv }: AuditDecryptedKeyParams): AuditKeyResponse {
+    if (multiSigType !== 'tss') {
+      throw new Error('Unsupported multiSigType');
+    } else {
+      const result = auditEcdsaPrivateKey(prv as string, publicKey as string);
+      if (result.isValid) {
+        return { isValid: true };
+      } else {
+        if (!result.isCommonKeychainValid) {
+          return { isValid: false, message: 'Invalid common keychain' };
+        } else if (!result.isPrivateKeyValid) {
+          return { isValid: false, message: 'Invalid private key' };
+        }
+        return { isValid: false };
+      }
+    }
+  }
 }

modules/abstract-eth/src/abstractEthLikeCoin.ts

@@ -6,10 +6,15 @@ import { CoinFamily, BaseCoin as StaticsBaseCoin } from '@bitgo/statics';
 import { bip32 } from '@bitgo/secp256k1';
 import { randomBytes } from 'crypto';
 import {
+  AuditDecryptedKeyParams,
+  AuditKeyResponse,
   BaseCoin,
+  bitcoin,
   BitGoBase,
   FullySignedTransaction,
   HalfSignedAccountTransaction,
+  isValidPrv,
+  isValidXprv,
   KeyPair,
   MethodNotImplementedError,
   ParsedTransaction,
@@ -25,6 +30,7 @@ import BigNumber from 'bignumber.js';
 
 import { isValidEthAddress, KeyPair as EthKeyPair, TransactionBuilder } from './lib';
 import { VerifyEthAddressOptions } from './abstractEthLikeNewCoins';
+import { auditEcdsaPrivateKey } from '@bitgo/sdk-lib-mpc';
 
 export interface EthSignTransactionOptions extends SignTransactionOptions {
   txPrebuild: TransactionPrebuild;
@@ -226,4 +232,32 @@ export abstract class AbstractEthLikeCoin extends BaseCoin {
    * @return a new transaction builder
    */
   protected abstract getTransactionBuilder(common?: EthLikeCommon.default): TransactionBuilder;
+
+  auditDecryptedKey({ multiSigType, publicKey, prv }: AuditDecryptedKeyParams): AuditKeyResponse {
+    if (multiSigType === 'tss') {
+      const result = auditEcdsaPrivateKey(prv as string, publicKey as string);
+      if (result.isValid) {
+        return { isValid: true };
+      } else {
+        if (!result.isCommonKeychainValid) {
+          return { isValid: false, message: 'Invalid common keychain' };
+        } else if (!result.isPrivateKeyValid) {
+          return { isValid: false, message: 'Invalid private key' };
+        }
+        return { isValid: false };
+      }
+    } else {
+      if (!isValidPrv(prv) && !isValidXprv(prv)) {
+        return { isValid: false, message: 'Invalid private key' };
+      }
+      if (publicKey) {
+        const genPubKey = bitcoin.HDNode.fromBase58(prv).neutered().toBase58();
+        if (genPubKey !== publicKey) {
+          return { isValid: false, message: 'Incorrect xpub' };
+        }
+      }
+
+      return { isValid: true };
+    }
+  }
 }

modules/abstract-substrate/src/abstractSubstrateCoin.ts

@@ -1,4 +1,6 @@
 import {
+  AuditDecryptedKeyParams,
+  AuditKeyResponse,
   BaseCoin,
   BitGoBase,
   EDDSAMethods,
@@ -27,7 +29,7 @@ import { KeyPair as SubstrateKeyPair, Transaction } from './lib';
 import { DEFAULT_SUBSTRATE_PREFIX } from './lib/constants';
 import { SignTransactionOptions, VerifiedTransactionParameters, Material } from './lib/iface';
 import utils from './lib/utils';
-import { getDerivationPath } from '@bitgo/sdk-lib-mpc';
+import { auditEddsaPrivateKey, getDerivationPath } from '@bitgo/sdk-lib-mpc';
 import BigNumber from 'bignumber.js';
 import { ApiPromise } from '@polkadot/api';
 
@@ -519,4 +521,22 @@ export class SubstrateCoin extends BaseCoin {
     }
     return { transactions: broadcastableTransactions, lastScanIndex };
   }
+
+  /** inherited doc */
+  auditDecryptedKey({ publicKey, prv, multiSigType }: AuditDecryptedKeyParams): AuditKeyResponse {
+    if (multiSigType !== 'tss') {
+      throw new Error('Unsupported multiSigType');
+    }
+    const result = auditEddsaPrivateKey(prv, publicKey ?? '');
+    if (result.isValid) {
+      return { isValid: true };
+    } else {
+      if (!result.isCommonKeychainValid) {
+        return { isValid: false, message: 'Invalid common keychain' };
+      } else if (!result.isPrivateKeyValid) {
+        return { isValid: false, message: 'Invalid private key' };
+      }
+      return { isValid: false };
+    }
+  }
 }

modules/abstract-utxo/src/abstractUtxoCoin.ts

@@ -13,6 +13,7 @@ import {
   ExtraPrebuildParamsOptions,
   HalfSignedUtxoTransaction,
   IBaseCoin,
+  AuditKeyResponse,
   InvalidAddressDerivationPropertyError,
   InvalidAddressError,
   IRequestTracer,
@@ -44,6 +45,9 @@ import {
   VerifyAddressOptions as BaseVerifyAddressOptions,
   VerifyTransactionOptions as BaseVerifyTransactionOptions,
   Wallet,
+  isValidPrv,
+  isValidXprv,
+  bitcoin,
 } from '@bitgo/sdk-core';
 
 import {
@@ -1136,4 +1140,21 @@ export abstract class AbstractUtxoCoin extends BaseCoin {
   getRecoveryProvider(apiToken?: string): RecoveryProvider {
     return forCoin(this.getChain(), apiToken);
   }
+
+  auditDecryptedKey({ multiSigType, publicKey, prv }): AuditKeyResponse {
+    if (multiSigType === 'tss') {
+      throw new Error('tss auditing is not supported for this coin');
+    }
+    if (!isValidPrv(prv) && !isValidXprv(prv)) {
+      return { isValid: false, message: 'Invalid private key' };
+    }
+    if (publicKey) {
+      const genPubKey = bitcoin.HDNode.fromBase58(prv).neutered().toBase58();
+      if (genPubKey !== publicKey) {
+        return { isValid: false, message: 'Incorrect xpub' };
+      }
+    }
+
+    return { isValid: true };
+  }
 }

modules/sdk-coin-ada/src/ada.ts

@@ -31,13 +31,15 @@ import {
   PrebuildTransactionWithIntentOptions,
   MultisigType,
   multisigTypes,
+  AuditDecryptedKeyParams,
+  AuditKeyResponse,
 } from '@bitgo/sdk-core';
 import { KeyPair as AdaKeyPair, Transaction, TransactionBuilderFactory, Utils } from './lib';
 import { BaseCoin as StaticsBaseCoin, CoinFamily, coins } from '@bitgo/statics';
 import adaUtils from './lib/utils';
 import * as request from 'superagent';
 import BigNumber from 'bignumber.js';
-import { getDerivationPath } from '@bitgo/sdk-lib-mpc';
+import { auditEddsaPrivateKey, getDerivationPath } from '@bitgo/sdk-lib-mpc';
 
 export const DEFAULT_SCAN_FACTOR = 20; // default number of receive addresses to scan for funds
 
@@ -628,4 +630,24 @@ export class Ada extends BaseCoin {
     intent.unspents = params.unspents;
     intent.senderAddress = params.senderAddress;
   }
+
+  /** inherited doc */
+  auditDecryptedKey({ publicKey, prv, multiSigType }: AuditDecryptedKeyParams): AuditKeyResponse {
+    if (multiSigType !== 'tss') {
+      throw new Error('Unsupported multiSigType');
+    }
+
+    const result = auditEddsaPrivateKey(prv, publicKey ?? '');
+
+    if (result.isValid) {
+      return { isValid: true };
+    } else {
+      if (!result.isCommonKeychainValid) {
+        return { isValid: false, message: 'Invalid common keychain' };
+      } else if (!result.isPrivateKeyValid) {
+        return { isValid: false, message: 'Invalid private key' };
+      }
+      return { isValid: false };
+    }
+  }
 }

modules/sdk-coin-algo/src/algo.ts

@@ -29,6 +29,8 @@ import {
   NotSupported,
   MultisigType,
   multisigTypes,
+  AuditDecryptedKeyParams,
+  AuditKeyResponse,
 } from '@bitgo/sdk-core';
 import stellar from 'stellar-sdk';
 import BigNumber from 'bignumber.js';
@@ -846,4 +848,22 @@ export class Algo extends BaseCoin {
   private getBuilder(): AlgoLib.TransactionBuilderFactory {
     return new AlgoLib.TransactionBuilderFactory(coins.get(this.getBaseChain()));
   }
+
+  /** @inheritDoc */
+  protected auditDecryptedKey({ publicKey, prv, multiSigType }: AuditDecryptedKeyParams): AuditKeyResponse {
+    if (multiSigType === 'tss') {
+      throw new Error('Unsupported multiSigType');
+    }
+
+    try {
+      const algoKey = new AlgoLib.KeyPair({ prv });
+      if (publicKey && publicKey !== algoKey.getKeys().pub) {
+        return { isValid: false, message: 'Incorrect ALGO public key' };
+      }
+    } catch (e) {
+      return { isValid: false, message: 'Invalid private key' };
+    }
+
+    return { isValid: true };
+  }
 }

modules/sdk-coin-algo/test/unit/algo.ts

@@ -1,6 +1,6 @@
 import { AlgoLib, Talgo } from '../../src';
 import { TestBitGo, TestBitGoAPI } from '@bitgo/sdk-test';
-import { BitGoAPI } from '@bitgo/sdk-api';
+import { BitGoAPI, encrypt } from '@bitgo/sdk-api';
 import * as AlgoResources from '../fixtures/algo';
 import { randomBytes } from 'crypto';
 import { coins } from '@bitgo/statics';
@@ -10,6 +10,7 @@ import { Algo } from '../../src/algo';
 import BigNumber from 'bignumber.js';
 import { TransactionBuilderFactory } from '../../src/lib';
 import { KeyPair } from '@bitgo/sdk-core';
+import { algoBackupKey } from './fixtures/algoBackupKey';
 
 describe('ALGO:', function () {
   let bitgo: TestBitGoAPI;
@@ -1128,4 +1129,43 @@ describe('ALGO:', function () {
       });
     });
   });
+
+  describe('AuditKey', () => {
+    const { key } = algoBackupKey;
+    const walletPassphrase = 'ZQ8MhxT84m4P';
+
+    it('should return { isValid: true) } for valid inputs', async () => {
+      const result = await basecoin.auditKey({
+        encryptedPrv: key,
+        walletPassphrase,
+      });
+      result.should.deepEqual({ isValid: true });
+    });
+
+    it('should return { isValid: false } if the walletPassphrase is incorrect', async () => {
+      const result = await basecoin.auditKey({
+        encryptedPrv: key,
+        walletPassphrase: 'foo',
+      });
+      result.should.deepEqual({ isValid: false, message: "failed to decrypt prv: ccm: tag doesn't match" });
+    });
+    it('should return { isValid: false } if the key is altered', async () => {
+      const alteredKey = key.replace(/[0-9]/g, '0');
+      const result = await basecoin.auditKey({
+        encryptedPrv: alteredKey,
+        walletPassphrase,
+      });
+      result.isValid.should.equal(false);
+    });
+
+    it('should return { isValid: false } if the key is not a valid key', async () => {
+      const invalidKey = '#@)$#($*@)#($*';
+      const encryptedPrv = encrypt(walletPassphrase, invalidKey);
+      const result = await basecoin.auditKey({
+        encryptedPrv,
+        walletPassphrase,
+      });
+      result.should.deepEqual({ isValid: false, message: 'Invalid private key' });
+    });
+  });
 });

modules/sdk-coin-algo/test/unit/fixtures/algoBackupKey.ts

@@ -0,0 +1,7 @@
+export const algoBackupKey = {
+  key:
+    '{"iv":"ZdWrTtponn9Q4wK9VOkJdw==","v":1,"iter":10000,"ks":256,"ts":64,"mode"' +
+    ':"ccm","adata":"","cipher":"aes","salt":"dQ6rGI+qnmk=","ct":"Y4oLG6d+w3Apo+' +
+    'nQdH2YfNcXZrA9RCrMw5M8r7GHgxsUoZ62ZHzhjk7CpOLi4YCFIwSf40pqShGrELQkA+VkGnFD"' +
+    '}',
+};

modules/sdk-coin-btc/test/unit/btc.ts

@@ -1,4 +1,5 @@
 import 'should';
+import { btcBackupKey } from './fixtures';
 
 import { TestBitGoAPI, TestBitGo } from '@bitgo/sdk-test';
 
@@ -66,4 +67,40 @@ describe('BTC:', function () {
       }
     });
   });
+
+  describe('Audit Key', () => {
+    const { key } = btcBackupKey;
+    let coin: Tbtc;
+    before(() => {
+      coin = bitgo.coin('tbtc') as Tbtc;
+    });
+
+    it('should return { isValid: true } for valid inputs', async () => {
+      const result = await coin.auditKey({
+        encryptedPrv: key,
+        walletPassphrase: 'kAm[EFQ6o=SxlcLFDw%,',
+      });
+      result.should.deepEqual({ isValid: true });
+    });
+
+    it('should return { isValid: false } if the walletPassphrase is incorrect', async () => {
+      const result = await coin.auditKey({
+        encryptedPrv: key,
+        walletPassphrase: 'foo',
+      });
+      result.should.deepEqual({
+        isValid: false,
+        message: "failed to decrypt prv: ccm: tag doesn't match",
+      });
+    });
+
+    it('should return { isValid: false } if the key is altered', async () => {
+      const alteredKey = key.replace(/[0-9]/g, '0');
+      const result = await coin.auditKey({
+        encryptedPrv: alteredKey,
+        walletPassphrase: 'kAm[EFQ6o=SxlcLFDw%,',
+      });
+      result.isValid.should.equal(false);
+    });
+  });
 });

modules/sdk-coin-btc/test/unit/fixtures/btcBackupKey.ts

@@ -0,0 +1,7 @@
+export const btcBackupKey = {
+  key:
+    '{"iv":"JgqqE4W45/tKBSMSYqD+qg==","v":1,"iter":10000,"ks":256,"ts":64,"mode"' +
+    ':"ccm","adata":"","cipher":"aes","salt":"kiLPf8VSdI0=","ct":"zUh4Oko/06g02E' +
+    'wnqOfzJbTwtE2p3b19jDk8Tum07Jv3N/RP7Bo0w/ObLBO1uIJFossO3nJ1JS+7t/vPQhdCtN8oD' +
+    '6YrZnEZYrRwN6JQkL1uYPnZ1PoWbYI9navK5CLU1KQwDTO9YEN46++OrzFH+CjpQVLblaw="}',
+};